Marketplace Middleware Toolkit Initial Setup

The Marketplace Middleware Toolkit is a tool used to connect a Salesforce org that has the marketplace managed package installed and a B2C Commerce instance to act as storefront. The Toolkit was built using .NET 6, and uses a Heroku Instance to host the app. Besides the Heroku Instance, add-ons must be installed for Postgres and RabbitMQ. For deployment of the source code, a local Docker runtime and Heroku CLI are needed.

A new Heroku app must be created. Be advised that the dyno type can’t be free, as the worker must be up 24/7. The following add-ons must be added:

  • CloudAMQP
  • Heroku Postgres
  • Heroku Scheduler (free)

    We don't recommend using the free tier due to the limitations, otherwise choose based on your expected load.

  1. With the source code in hand, configure the Heroku CLI logging in with your account. https://devcenter.heroku.com/articles/heroku-cli

  2. Log in to the repository using heroku container:login.

  3. To deploy the code, open a terminal in the root of the project and run the following commands:

    heroku container:push web release worker_sfcc --recursive --context-path . --app <your_app>

    heroku container:release web release worker_sfcc —app <your_app>

    If configured correctly, there are now 2 dynos in the Heroku app.

  1. To obtain a passphrase, in the terminal run the following command:

    heroku run tools/Atonit.Marketplace.Heroku.CommandLineTools create_encryption_key --app <your_app>

  2. Copy the passphrase, and create a Heroku Config Var with the name ENCRYPTION_KEY.

    This is your secret key for encryption. DO NOT SHARE THIS PUBLICLY IN ANY SHAPE OR FORM. Ideally, this value is only stored in the Heroku Config Var and can’t be changed without a database data clear after it’s in use.

  3. Open the app in Heroku, and check if you successfully see the login page.

    Don’t proceed before configuring the Heroku Scheduler and creating the Admin SuperUser.

Inside the Heroku Scheduler create the following configurations:

  • tools/Atonit.Marketplace.Heroku.CommandLineTools clean_logs <hours> - deletes all logs from the database older than X hours, so the log doesn’t grow indefinitely. We recommend also having a database backup strategy.
  • curl [https://<your_app>.herokuapp.com/api/ping](https://atonit-marketplace-v2.herokuapp.com/api/ping) - pings the website every 10 minutes ensuring the process doesn’t sleep and is always responsive.

The admin superuser must be created with the Heroku CLI.

Open a terminal and run the following command:

heroku run "tools/Atonit.Marketplace.Heroku.CommandLineTools insert_admin_user '<user_name>' '<password>'" --app <your_app>

The password must meet the following criteria:

  • Passwords must be at least 12 characters.
  • Passwords must have at least one non-alphanumeric character.
  • Passwords must have at least one digit ('0'-'9').
  • Passwords must have at least one uppercase ('A'-'Z').

Keep this password in a secure location as it isn’t retrievable.

Make sure all dynos are active and running. Open the web app and log in using the admin user credentials. If you ‘re able to log in, the setup finished correctly and you can proceed with the configuration.

Logging is configured to store a subset of logs in the database so they can be easily displayed on dashboards for the integrations. All logs also go through the default Heroku log pipeline.

For security audit reasons, it’s recommended to contract a logging add-on for Heroku and save it for audits.

For more information, see Heroku Add-ons.

For added security to the login page, we recommend configuring Google reCAPTCHA to prevent password testing bots.

  1. Create a reCAPTCHA V2 account and add your [app].herokuapp.com domain.

    Be advised that Terms & Conditions and pricing from Google apply. It is your responsibility to monitor usage.

  2. Copy the values of the Site Key and Secret Key, and add them as separate Heroku Config Vars with the names GOOGLE_RECAPTCHA_SITE_KEY and GOOGLE_RECAPTCHA_SECRET_KEY.

  3. Refresh the Heroku app, and test if the reCAPTCHA successfully appears in the login page.